package bancosys.tec.security.impl.web.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import bancosys.tec.security.SecurityURLMapping;
import bancosys.tec.security.impl.web.WebSecurityContext;

/**
 * Servlet responsável por efetuar o logout e invalidar a sessão. Configurações:<br>
 * <table>
 * <tr>
 * <td><code>logoutExitPage</code></td>
 * <td>URI da página padrão para onde o usuário deve ser enviado após efetuar o logout.</td>
 * </tr>
 * <tr>
 * <td>outras configurações</td>
 * <td>ver configs herdados do {@link SecurityServlet}</td>
 * </tr>
 * </table>
 * 
 * @created 19/03/2008
 * @author Gustavo Almeida
 */
public class LogoutServlet extends SecurityServlet {

    private static final String LOGOUT_EXIT_PAGE = "logoutExitPage";

    private volatile String logoutExitPage;

    /**
     * Inicializa o servlet lendo os parametros de configuração.
     * 
     * @throws ServletException veja {@link SecurityServlet#init()}
     */
    @Override
    public void init() throws ServletException {
        super.init();
        this.logoutExitPage = SecurityURLMapping.getInstance().getLogoutURL();
        if (this.logoutExitPage == null) {
            this.logoutExitPage = this.getNotNull(this.getServletConfig().getInitParameter(LOGOUT_EXIT_PAGE), "/");
        }
    }

    /**
     * Delega para {@link #doPost(HttpServletRequest, HttpServletResponse)}
     * 
     * @param request request http.
     * @param response resposta http.
     * @throws ServletException e
     * @throws IOException e
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doPost(request, response);
    }

    /**
     * Processa o login
     * 
     * @param request request http.
     * @param response resposta http.
     * @throws ServletException e
     * @throws IOException e
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String logoutUri = this.getNotNull(request.getParameter(LOGOUT_EXIT_PAGE), this.logoutExitPage);

        this.setNoCacheHeaders(response);
        this.logout(request, response);
        this.forward(request, response, logoutUri);
    }

    /**
     * Executa o logout e invalida a sessão.
     * 
     * @param request request http.
     * @param response response http
     */
    private void logout(HttpServletRequest request, HttpServletResponse response) {
        WebSecurityContext context = new WebSecurityContext(request, response);
        this.getSecurityManager().logout(context);
        request.getSession().invalidate();
    }

    /**
     * {@inheritDoc}
     */
    @Override
    protected void forward(HttpServletRequest request, HttpServletResponse response, String uri) throws ServletException, IOException {
        if (uri != null && !uri.startsWith("/")) {
            response.sendRedirect(uri);
        } else {
            super.forward(request, response, uri);
        }
    }
}
